|
310641
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privileg…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7354
|
2024-10-5 02:16 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310642
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
|
CWE-79
Cross-site Scripting
|
CVE-2024-7691
|
2024-10-5 02:15 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310643
|
7.5 |
HIGH
Network
|
oceanicsoft
|
valeapp
|
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8644
|
2024-10-5 02:14 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310644
|
9.8 |
CRITICAL
Network
|
oceanicsoft
|
valeapp
|
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.
|
CWE-384
Session Fixation
|
CVE-2024-8643
|
2024-10-5 02:14 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310645
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7692
|
2024-10-5 02:14 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310646
|
7.5 |
HIGH
Network
|
oceanicsoft
|
valeapp
|
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-8609
|
2024-10-5 02:12 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310647
|
9.8 |
CRITICAL
Network
|
oceanicsoft
|
valeapp
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.
|
CWE-89
SQL Injection
|
CVE-2024-8607
|
2024-10-5 02:12 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310648
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: the warning dereferencing obj for nbio_v7_4
if ras_manager obj null, don't print NBIO err data
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46819
|
2024-10-5 02:11 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310649
|
5.4 |
MEDIUM
Network
|
oceanicsoft
|
valeapp
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-8608
|
2024-10-5 02:11 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310650
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/pm: Fix negative array index read
Avoid using the negative values
for clk_idex as an index into an array pptable->DpmDesc…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46821
|
2024-10-5 02:06 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
